On Mon, 17 May 2010 10:38:55 -0400
Bill Davidsen <[email protected]> wrote:
> Christoph Höger wrote:
> > Hi,
> >
> > I need to ssh to some remote VM that sit in a private LAN. For any other
> > service (e.g. RDP) I'd use ssh tunneling just normal.
> > But what do I do for ssh traffic? Since ssh is not host agnostic, it
> > will always complain about localhost having a different RSA key.
> > I just do not want to edit the known_hosts every time I need to connecto
> > to a new machine!
> >
> I just remembered having a similar problem and how I solved it. I added a fixed
> IP for the machine at the end of the tunnel in /etc/hosts, and the fixed IP was
> 127.0.0.X, which seemed to allow a unique entry in known_hosts on the
> originating machine. Since all of 127/8 is used for loopback, I decided to use
> another address for the made up machine name.
>
> You still have to edit /etc/hosts for each new machine, but once and only once
> per machine.
>
Alternative:
~/.ssh/config
CheckHostIP
If this flag is set to ``yes'', ssh(1) will additionally check
the host IP address in the known_hosts file. This allows ssh to
detect if a host key changed due to DNS spoofing. If the option
is set to ``no'', the check will not be executed. The default is
``yes''.
BR, Bob
--
users mailing list
[email protected]
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines